Nessus, Snort & Ethereal Power Tools: Customizing Open Source Security Applications

One of the most attractive attributes of Nessus is the simplicity of creating custom extensions (or plugins) to be run with the Nessus engine. This benefit is gained via the specialized language NASL (Nessus Attack Scripting Language). NASL supplies the infrastructure to write network-based scripts without the need to implement the underlying protocols. As NASL does not need to compile, plugins can be run at once, and development is fast. After understanding these benefits, it should be an easy decision to write your next network-based script using NASL. In this introduction we will overview how this is done, with an emphasis on usability and tips for writing your own scripts. If you are already familiar with the NASL language, we hope you will still find useful insights in this chapter.
NASL, as the name implies, is a scripting language specifically designed to run using the Nessus engine. The language is designed to provide the developer with all the tools he/she needs to write a network-based script, supporting as many network protocols as required.
Every NASL is intended to be run as a test. Thus, its first part will always describe what the test is and what a positive...